Return-Path: XPUM04@prime-a.central-services.umist.ac.uk
Received: from G.SEI.CMU.EDU by ubu.cert.sei.cmu.edu (5.61/2.3)
        id AA19420; Wed, 6 Jun 90 10:59:05 -0400
Received: from SEI.CMU.EDU by g.sei.cmu.edu (5.61/2.5)
        id AA03415; Wed, 6 Jun 90 10:59:02 -0400
Received: from nsfnet-relay.ac.uk by sei.cmu.edu (5.61/2.3)
        id AA15790; Wed, 6 Jun 90 10:58:44 -0400
Received: from sun.nsfnet-relay.ac.uk by vax.NSFnet-Relay.AC.UK 
           via Janet with NIFTP  id aa18930; 6 Jun 90 15:04 BST
From: Anthony Appleyard <XPUM04@prime-a.central-services.umist.ac.uk>
To: KRVW <@NSFnet-Relay.AC.UK:KRVW@sei.cmu.edu>
Date:         Tue, 05 Jun 90 14:07:12 BST 
Message-Id:   <$TGVGDBVHCNZN at UMPA>
Subject:      Virus-L vol 0 issue #0622



Virus-L Digest Wed, 22 Jun 88, Volume 0 : Issue #0622

Today's Topics

** no subject, date = Wed, 22 Jun 88 08:44:39 EST
** no subject, date = Wed, 22 Jun 88 09:23:53 PDT
Re: your mail
constructive viruses
RE: worms
** no subject, date = Wed, 22 Jun 88 17:10:15 EST
** no subject, date = Wed, 22 Jun 88 12:58:23 CST
RE: delete me from mailing list please
Are Tandy 1??? vulnerable?

------------------------------

Date:         Wed, 22 Jun 88 08:44:39 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Neil Goldman <NG44SPEL@MIAMIU>

I have seen the term 'worm' defined as:  "originally developed by systems
programmers to tap unused network resources to run large computer programs.
The worm would search the network for idle computing resources and use them to
execute a program in small segments.  Built in mechanisms would be responsible
for maintaining the worm, finding free machines, and replicating the program.
Worms can tie up all the computing resources on a network and essentially shut
it down.  A worm is normally activated every time the system is booted up."

 - from COMPUTER SECURITY, March/April, 1988

Question:  Is anyone aware of this type of virus in a PC environment?

Neil Goldman                         NG44SPEL@MIAMIU.BITNET
Ernst & Whinney
National Computer Audit Group

--------------------

Date:         Wed, 22 Jun 88 09:23:53 PDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         S John Banner <CCSJB@UVVM>
In-Reply-To:  Message of Wed, 22 Jun 88 08:44:39 EST from <NG44SPEL@MIAMIU>

>I have seen the term 'worm' defined as:  "originally developed by systems
>programmers to tap unused network resources to run large computer programs.
>The worm would search the network for idle computing resources and use them to
>execute a program in small segments.  Built in mechanisms would be responsible
>for maintaining the worm, finding free machines, and replicating the program.
>Worms can tie up all the computing resources on a network and essentially shut
>it down.  A worm is normally activated every time the system is booted up."
>
> - from COMPUTER SECURITY, March/April, 1988
>
>Question:  Is anyone aware of this type of virus in a PC environment?
>
>Neil Goldman                         NG44SPEL@MIAMIU.BITNET
>Ernst & Whinney
>National Computer Audit Group

   What would be the point? As I  understand it, the worm is supposed to
use  otherwise  unused  computing  resources  to  do  a  time  consuming
computation,  AND  return  the  result  when  you  are  done.  In  a  PC
environment however, how would the programmer ever be assured of getting
the result back  (and for that matter, keep getting  the results back in
various states of  completion for the next twenty years,  due to copies,
etc).

   You  may want  to note  here, that  I cannot  understand the  idea of
writing a virus (I can understand logic bombs, worms, etc., but viri are
just plain malignant, and I can't  understand that one at all), where as
a worm  actually has (can potentially  have, and don't tell  me viri can
too, I read the discussion a week  or two back on the virus that updated
the OS on the  disks, and I loved the idea),  a constructive purpose, so
my view may be just a touch slanted... :-).

                         sjb.

--------------------

Date:         Wed, 22 Jun 88 12:12:41 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Len Levine <len@evax.milw.wisc.edu>
Subject:      Re: your mail
In-Reply-To:  Message from "S John Banner" of Jun 22, 88 at 9:23 am

>
>   You  may want  to note  here, that  I cannot  understand the  idea of
>writing a virus (I can understand logic bombs, worms, etc., but viri are
>just plain malignant, and I can't  understand that one at all), where as
>a worm  actually has (can potentially  have, and don't tell  me viri can
>too, I read the discussion a week  or two back on the virus that updated
>the OS on the  disks, and I loved the idea),  a constructive purpose, so
>my view may be just a touch slanted... :-).
>
>                         sjb.
>

there is NO good reason to use a virus to update a disk/disks.  Maybe
I want to keep a copy of the earlier version of whatever,  such a
virus would update or change stuff for me without my permission.
Maybe the update is worse than the original.  Why must I change?

len@evax.milw.wisc.edu

--------------------

Date:         Wed, 22 Jun 88 14:47:30 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         me! Jefferson Ogata <OGATA@UMDD>
Subject:      constructive viruses

Maybe you don't recall the details of the constructive virus sjb was
referring to.  It contained self-replicating code and patches for the
operating system it ran on.  When it encountered an old version of the
operating system, it would execute the patches and install itself on
the fixed version.  I believe it asked the user before altering the
boot disk.  I, for one, hate updating software on all the disks it might
be living on, and I love the idea of software that updates itself.

- Jeff Ogata

--------------------

Date:         Wed, 22 Jun 88 14:00:00 CDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Jeff Hayward <JH@UHVAX1>
Subject:      RE: worms

  [ description of a worm omitted ]

>Question:  Is anyone aware of this type of virus in a PC environment?

There was a paper by Metcalfe and Boggs of Xerox PARC written back in the early
days of Ethernet that described a worm program they built using ALTOS pcs.

In the experiments they describe, willing PC owners left their systems running
a memory diagnostic at night.  The worm program could recognize such systems,
and acquire them via a network bootstrap.  One incarnation of the worm used
its' segments to break the computation of a graphic image into pieces, compute
the image in a parallel fashion, and display it at some location.  All was very
above board, useful, and non-destructive.  I believe they even found some
unexpected benefits, such as locating malfunctioning hardware by the exercise
given it at night.

If I can find the paper I'll post a reference.

Jeff Hayward
The University of Houston

--------------------

Date:         Wed, 22 Jun 88 17:10:15 EST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         Neil Goldman <NG44SPEL@MIAMIU>

The reason I posted the request for information on PC-based worms is that
I am preparing a paper on viruses for distribution to our computer audit
executives.  It will provide them with the background to help clients when
they ask them about viruses.  The glossary will include a definition of 'worm'.

S. John Banner writes that a worm is designed to use otherwise unused computing
resources.  I view Computer Security's definition as implying that a worm would
monopolize resources, thereby slowing down the entire system's throughput.

I again ask for comment, with this in mind.

Neil A. Goldman
Ernst & Whinney
National Computer Audit Group

--------------------

Date:         Wed, 22 Jun 88 12:58:23 CST
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         David Camp <C04661DC@WUVMD>
In-Reply-To:  Message of Wed, 22 Jun 88 08:44:39 EST from <NG44SPEL@MIAMIU>

>I have seen the term 'worm' defined as:  "originally developed by systems
>programmers to tap unused network resources to run large computer programs.
>The worm would search the network for idle computing resources and use them to
>execute a program in small segments.  Built in mechanisms would be responsible
>for maintaining the worm, finding free machines, and replicating the program.
>Worms can tie up all the computing resources on a network and essentially shut
>it down.  A worm is normally activated every time the system is booted up."
>
> - from COMPUTER SECURITY, March/April, 1988
>
>Question:  Is anyone aware of this type of virus in a PC environment?
>
>Neil Goldman                         NG44SPEL@MIAMIU.BITNET
>Ernst & Whinney
>National Computer Audit Group

I have heard of something along this line.  I went to a seminar
about it, but I cannot remember the name of the researcher or
his university.  Perhaps I could be persuaded to look it up if
anyone is interested.

Anyway, the system is a replacement for Ultrix on Vax minicomputers.
A specialized kernel allows jobs to be submitted for remote processing.
The site in question has many Vaxes, which all look the same at the
machine language level.  Any machine that has been idle for 15 minutes
is made to run one of the submitted jobs.  When the user starts to
use the Vax again, the job is breakpointed and swapped out, to be
restarted when another processor becomes free.  They have supposedly
recovered hundreds of hours of computer time per month with this system.
-David-

*----------------------------------------------------------------------*
| (314) 362-3635                  Mr. David J. Camp                    |
| Room 1108D               ~      Division of Biostatistics, Box 8067  |
| 706 South Euclid       < * >    Washington University Medical School |
|                          v      660 South Euclid                     |
| david@wubios.wustl.edu          Saint Louis, MO 63110                |
*----------------------------------------------------------------------*

--------------------

Date:         Wed, 22 Jun 88 21:18:00 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Jim Shaffer, Jr." <SHAFFERJ@BKNLVMS>
Subject:      RE: delete me from mailing list please

>I tried sending SIGN-OFF VIRUSL to the list server, but I'm still
>receiving the messages.  Please remove my name from the list.

Since the list owner is very active on this list, he'll probably remove
you.

However, for future reference the command is SIGNOFF VIRUS-L.
You should have received some sort of error message from ListServ, though.

Please note that I am not in charge of the list, nor the server. I'm merely
supplying information.

--------------------

Date:         Wed, 22 Jun 88 16:11:26 EDT
Reply-To:     Virus Discussion List <VIRUS-L@LEHIIBM1>
Sender:       Virus Discussion List <VIRUS-L@LEHIIBM1>
From:         "Mark W. Eichin" <eichin@ATHENA.MIT.EDU>
Subject:      Are Tandy 1??? vulnerable?

I just saw over someone's shoulder an ad for a Tandy 1000HX (I
think...) with one of the features being "MSDOS in ROM". Does anyone
know if this is done in such a way that makes the Tandy machines
invulnerable to many viruses, or does (for example) COMMAND.COM still
come off of floppy disk?

                Mark Eichin
            <eichin@athena.mit.edu>
        SIPB Member & Project Athena ``Watchmaker''

--------------------

*** end of Virus-L issue ***